Financial institutions have traditionally had a heightened focus on the management of risk given the severe and long-lasting legal, regulatory, operational, financial, and reputational consequences.
Your fiduciary responsibility, as a financial institution’s board member, is critical in safeguarding against risk and fraud. Don’t allow your organization to be the next victim.
Here are some steps that you, as a board or committee member, can take to help your financial institution prevent risk and fraud:
Set the Tone at the Top and Establish Expectations
Problems start with people; they’re any financial institution’s biggest vulnerability for control issues, exploitation, and fraud. Fully vetting high-level applicants and board members with a thorough background check is a start, but don’t forget to invest time and effort in fortifying the institution’s culture, so that all employees feel engaged and important.
This can be accomplished by setting clearly defined expectations for ethical behavior and integrity through a code of conduct or ethics policy that applies to every employee, board member, and committee member of the financial institution. Any violations should be addressed immediately.
Perform a Risk Assessment and Identify Internal Controls to Mitigate Risk
Don’t rely on “negative assurance,” or the assumption that no news is good news. All financial institutions face risks. But by establishing an ongoing process to assess risk, your financial institution can be proactive in mitigating risk, including the risk of fraud. Risk is mitigated by both the establishment of sound internal controls and ongoing assessment to ensure the internal controls are designed and operating as intended.
Additional considerations to strengthen the internal control environment and reduce risk for your financial institution include:
- Segregation of duties in key processes, so that no single person is responsible for, or has access to perform, the entire function or process.
- Authorization and approval are key controls that prevent errors from occurring and can mitigate the risk of inappropriate transactions. An example of authorization and approval as an internal control is the review of applications. New loans should be reviewed and approved based on the approval authority established within the institution.
- Monitoring controls are typically performed after the fact to detect errors or inappropriate transactions. An effective monitoring control is performed in a timely manner (e.g., a loan review performed annually on loans that are above a certain threshold to determine whether there are credit or compliance issues and to detect other trends within the portfolio).
Effective Governance and Ongoing Monitoring
Fraud prevention is not a check-the-box, one-and-done task. It’s an ongoing process that should be discussed at the board and executive management level. Board members need to ask questions about the effectiveness of internal controls, stay informed, and challenge management on emerging risks that could impact the control environment.
Are you interested in learning more? Rehmann has experienced professionals who specialize in helping financial institutions and their boards identify, address, and appropriately reduce risk and fraud. Our advisors are available to discuss a tailored approach that could include one or more of the following services:
- Risk Assessment
- Process and Controls Assessment
- Board Education and Board Effectiveness Review
- Segregation of Duties Evaluation
- IT Access, Change Management Process and Controls Assessment
- Cybersecurity Controls Assessment
For more information, please contact your Rehmann advisor or reach out to Kristy Clark, a Rehmann principal specializing in risk advisory: [email protected] or 248.952.5000.